APNewsBreak: Cyber spies target American-Egyptian writer

By RAPHAEL SATTER
February 14, 2017

FILE - In this Thursday, March 8, 2012 file photo, Egyptian activist Samira Ibrahim, left, and Mona Eltahawy, a prominent Egyptian-born U.S. columnist, center, march in downtown Cairo, Egypt to mark International Women's Day. The Associated Press has found that the prominent American author is among dozens of activists, lawyers and human rights advocates who have been targeted in a sweeping cyberespionage campaign blamed on the Egyptian government. Booby-trapped emails sent to Eltahawy in December came from the same address behind the distribution of identical malicious messages to a host of other activists across Egypt. (AP Photo/Maya Alleruzzo, File)

PARIS (AP) — American-Egyptian author Mona Eltahawy is one of many activists and human rights advocates targeted in a sweeping cyberespionage campaign blamed on Egypt’s government, The Associated Press has found.

A booby-trapped email sent to Eltahawy and examined by the AP shows that she was targeted by the same password-stealing technique used to try to compromise staff at more than half a dozen Egyptian human rights organizations. Digital clues such as matching email addresses employed to send the malicious messages and the use of the same credential-harvesting website proved the same actor was involved.

Eltahawy, a fierce critic of Egypt’s government who has frequently complained about state surveillance, said she felt violated but not surprised.

“I’m used to this from the Egyptian regime,” she said in a series of telephone conversations with the AP. “I’m not trying to belittle what they’ve done, but I’m used to this.”

Officials in Cairo have yet to speak publicly about the barrage of malicious messages, also known as phishing emails, sent to civil society figures in recent months. The campaign, exposed by internet watchdog group Citizen Lab earlier this month, prompted Eltahawy to tweet that she was among its targets. Eltahawy’s partner later forwarded copies of the emails to the AP.

The message itself was closely tailored to Eltahawy’s concerns. An outspoken commentator on feminism, the Arab world and Egypt, Eltahawy was a constant media presence during the country’s 2011 uprising. She also has a sizeable following on Twitter, where she regularly shares news about activists caught up in Egypt’s grinding crackdown on dissent. Ever since Egypt’s 2013 military takeover, local rights groups have had their assets frozen, their staff detained and their leaders banned from traveling abroad.

On Dec. 7, women’s rights attorney Azza Soliman was arrested. In the following week, Eltahawy fielded social media messages about the lawyer’s upcoming court date. So when she received an email labeled “an important document about Azza Soliman,” she opened it right away.

“I usually never go and click on documents that are sent to me by people I don’t know,” she said. “But because this was Azza and I was very upset about what had happened to her, I immediately went and clicked.”

Eltahawy said she realized she had been fooled, especially after she received additional suspicious emails the next day and realized there was activity on her account she didn’t recognize.

“Someone logged onto my computer from another neighbourhood in Cairo!” she wrote to her partner via WhatsApp at the time. “Those (expletive) bastards!”

Eltahawy and other activists blame the government for the break-in. An Egyptian Interior Ministry official insisted to AP — on condition of anonymity — that officials weren’t involved. Circumstantial evidence such as bits of Arabic slang in the malicious sites’ code isn’t conclusive. The AP sent a message seeking comment to the email address used by Eltahawy’s hacker earlier this month, but the message went unanswered. Hours later, the email account was deleted.

Eltahawy’s experience demonstrates the power of phishing, which consists of deploying bogus emails to entice people to give up their passwords. It’s the Swiss Army knife of electronic espionage — ubiquitous, cheap and, done well, it can break in almost anywhere. Eltahawy’s hackers even appear to have bypassed an additional security measure known as two-factor authentication by sending out a second round of malicious messages.

Eltahawy paid them a grudging compliment.

“This is a testament to how good they are with these phishing things,” Eltahawy said. “They know how to get you.”